Bas Westerbaan <[email protected]> wrote: > This is the breakdown of client support Cloudflare sees (relative to any PQ > support) in the last 24 hours by handshakes: > > 94% X25519MLKEM768 > 8.1% X25519Kyber768 > 0.038% MLKEM768 > 0.014% CECPQ2 > 0.012% MLKEM1024 > 0.002% SecP384MLKEM1024 > 0.002% SecP256MLKEM768 > 0.00005% MLKEM512 > 0.0000003% SecP256Kyber768
[...] > I can see an argument for Recommended=Y for both X25519MLKEM768 and > SecP384MLKEM1024, but I do not see any value in recommending both > X25519MLKEM768 and SecP256MLKEM768. On the flip side, and as just some data points here, I recently did a check[1] of which sites/providers offer PQC, and what key groups they support. Not surprisingly, it's almost all (and _only_) X25519MLKEM768. Amazon Cloudfront (as pretty much the only large service provider) offers SecP256r1MLKEM768. This is not surprising: AFAICT, the browsers only support X25519MLKEM768. If no servers offer anything else, then browsers have no incentive to implement other key groups; if no browsers offer other keygroups, then servers have no incentive to offer them. -Jan [1] https://www.netmeister.org/blog/pqc-use-2025-09.html _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
